Vulnerabilities 228
- Preparing for the Inevitable: Why Disaster Recovery Planning is Crucial
- Chinese Cyber Espionage: Critical Vulnerability in Ivanti VPN Appliances Exploited for Third Time in Three Years
- GitHub Supply Chain Attack: SpotBugs Token Leak Targets Coinbase
- Exposing VPN Risks: Popular iOS VPNs Linked to Chinese Companies and Military
- Legacy Stripe API Exploited in Web Skimmer Campaign to Validate Stolen Payment Cards
- Ivanti Patches Critical Connect Secure Zero-Day Vulnerability
- Navigating the Challenges of Disaster Recovery in Modern IT Landscapes
- Critical Google Quick Share Vulnerability Patched: Silent File Transfers Without User Consent
- Europol's Major Operation Dismantles Kidflix: 72,000 CSAM Videos Seized
- CISA Issues Five Critical Industrial Control Systems Advisories
- China-Linked UNC5221 Exploits Ivanti Connect Secure Zero-Day Vulnerability Since Mid-March 2025
- Driving Forces Behind Ransomware's Accelerated Growth in 2025
- Verizon's Call Filter API Vulnerability: Customer Incoming Call History Exposed
- Increased Scanning Activity of Palo Alto Networks Indicates Potential Cyber Threats
- Understanding SAP NetWeaver 7.53 HTTP Request Smuggling Vulnerability
- Remote Vulnerability: ProSSHD 1.2 Denial of Service (DoS) Explained
- Advanced Malware Loaders: Leveraging Call Stack Spoofing, GitHub C2, and .NET Reactor for Enhanced Stealth
- Understanding SSL Misconfigurations: Critical Impact on Your Attack Surface
- Critical Google Cloud Run Vulnerability Patched: Unauthorized Image Access via IAM Misuse
- Critical Disaster Recovery Strategies for Healthcare Organizations During Ransomware Attacks
- FIN7 Exploits SharePoint Vulnerabilities with Anubis Backdoor to Compromise Windows Systems
- Hunters International Shifts Focus: Ransomware Deemed Too Risky
- Bypass Microsoft Account Requirement in Windows 11 with New Trick
- Unveiling Security Risks: How a Global Retailer's CSRF Tokens Were Exposed via Facebook Pixels
- Coordinated Cyber Threat: 24,000 IPs Target PAN-OS GlobalProtect Gateways
- Microsoft Uncovers Critical Flaw in Canon Printer Drivers
- Google Enhances Gmail with Cross-Platform End-to-End Encryption for Enterprise Users
- Critical Authentication Bypass Vulnerability in CrushFTP Exploited in Recent Attacks
- CISA Alerts: New Spawn Malware Exploits Ivanti Vulnerability
- CISA Issues Critical Industrial Control Systems Advisories for April 2025
- CISA Updates Catalog with New Exploited Vulnerability: CVE-2025-24813
- Apple Faces €150 Million Fine from French Regulator Over ATT Privacy Violations
- Apple Addresses Critical Security Flaws: Backports Fixes for Legacy iOS and macOS Devices
- Advanced Security Strategies for High-Threat Environments: Staying Secure in an Unstable World
- CISA Adds Cisco Smart Licensing Vulnerability to Exploited Vulnerabilities Catalog
- Russian Hackers Leverage CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp Backdoors
- Microsoft Leverages AI to Uncover Vulnerabilities in Open-Source Bootloaders
- WordPress mu-Plugins Vulnerability: Hackers Inject Spam and Hijack Site Images
- CISA Updates Catalog with Newly Discovered Exploited Vulnerability
- Weekly Cybersecurity Recap: Chrome 0-Day, IngressNightmare, Solar Bugs, DNS Tactics, and More
- RESURGE Malware Leverages Ivanti Vulnerability with Advanced Rootkit and Web Shell Capabilities
- Critical Remote Code Execution Vulnerability in XWiki Standard 14.10
- Crocodilus: The New Android Banking Trojan Threatening Spain and Turkey
- Solstice Pod 6.2: Critical API Session Key Extraction Vulnerability Explained
- Cybersecurity Breakthrough: Researchers Infiltrate BlackLock Ransomware Group
- Critical Flaws Exposed in Solar Inverters: Sungrow, Growatt, and SMA Vulnerabilities Pose Major Risks
- Ensuring Unstoppable Business Continuity with Datto BCDR: A Comprehensive Walkthrough
- OpenAI Boosts Bug Bounty Rewards to $100,000 for Critical Vulnerabilities
- Critical Alert: Nine-Year-Old npm Packages Compromised to Steal API Keys
- Critical Security Bypasses in Ubuntu Linux Require Immediate Manual Intervention
- Navigating the Hidden Risks of AI in Cybersecurity and SOCs
- Critical Analysis: Ivanti Connect Secure (RESURGE) Vulnerability Exploited by Threat Actors
- CISA Issues Critical Malware Analysis Report on RESURGE Malware Linked to Ivanti Connect Secure Vulnerabilities
- Top 3 MS Office Exploits Hackers Use in 2025 – Stay Alert!
- Why CASB Solutions Struggle with Shadow SaaS and How to Address It
- Morphing Meerkat: A Sophisticated Phishing Kit Mimicking 114 Brands via DNS Email Records
- Critical NetApp SnapCenter Vulnerability: Remote Admin Access Risk
- CISA Alerts on Sitecore RCE Vulnerabilities; Next.js and DrayTek Devices Under Active Exploitation
- CISA Updates Catalog with Critical Google Chromium Vulnerability
- Massive Cyber Attack: 150,000 Websites Hijacked by JavaScript Injections for Chinese Gambling Promotion
- Critical Update: Google Patches Chrome Zero-Day Exploited in Russian Cyber Attacks
- Windows 11 Update Causes Veeam Recovery Issues and Connection Errors
- Automated Pentesting: Enhancing Cyber Resilience in Modern Security
- Signalgate Intensifies: Journalist Reveals Secret Houthi Airstrike Chat
- Critical Security Flaws in VMware Tools and CrushFTP: High Risk, No Immediate Fix
- Malicious npm Packages Launching Reverse Shell Attacks via 'ethers' Library Modification
- Cybercriminals Leverage Atlantis AIO for Large-Scale Credential Stuffing Attacks
- EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware
- CISA Updates Known Exploited Vulnerabilities Catalog with Two New Entries
- Cybersecurity Firm Uncovers Vulnerability in BlackLock Ransomware Infrastructure
- Critical Authentication Bypass Vulnerability CVE-2025-22230 Impacts VMware Tools for Windows
- New Phishing Campaign Targeting Mac Users: Security Leaders Weigh In
- Heightened Vulnerability: Rooted Mobile Devices Face 250x Greater Risks
- Researchers Identify Nearly 200 Unique C2 Domains Linked to Raspberry Robin Access Broker
- Critical Vulnerabilities in Ingress-Nginx Put Thousands of Kubernetes Clusters at Risk
- Critical Windows Zero-Day Vulnerability Leaks NTLM Hashes: Unofficial Patch Available
- INTERPOL's Operation Red Card: 306 Arrests, 1,842 Devices Seized in African Cybercrime Crackdown
- EncryptHub Exploits Windows Systems with MMC Zero-Day Vulnerability
- Uncovering Operation ForumTroll: APT Exploiting CVE-2025-2783 in Google Chrome
- Critical CrushFTP Vulnerability: Immediate Patch Required for Unauthenticated Access Flaw
- Critical Updates: CISA Issues Four New Industrial Control Systems Advisories
- Critical Authentication Bypass in VMware Windows Tools: Broadcom Releases Security Updates
- AI-Driven SaaS Security: Managing the Expanding Attack Surface
- Critical Alert: VSCode Marketplace Removes Two Ransomware-Deploying Extensions
- VanHelsing RaaS Operation: Multi-OS Targets, $5K Entry, and Double Extortion
- Critical Security Measures for Power Utility Substations
- FCC Investigates Huawei and Other Blocked Chinese Manufacturers in the U.S.
- Next.js Vulnerability: Critical Flaw Allows Authorization Bypass
- Unauthenticated Remote Code Execution Vulnerability in Ingress NGINX Controller Puts Thousands of Clusters at Risk
- China-Linked APT Weaver Ant's Four-Year Infiltration of Asian Telco Network
- 🚨 Critical Cybersecurity Threats: GitHub Supply Chain Attack, AI Malware, and BYOVD Tactics Exposed
- UAT-5918: China-Linked APT Targets Critical Infrastructure in Taiwan
- Oracle Cloud Denies Data Breach Allegations Amid Stolen Data Sale Claims
- GitHub Supply Chain Attack: Coinbase Breach Exposes 218 Repositories and Leaks CI/CD Secrets
- Operation Zero: Russian Firm Offers Up to $4 Million for Telegram Exploits
- Critical SQL Injection Vulnerability in TeamPass 3.0.0.21
- U.S. Treasury Revokes Tornado Cash Sanctions amid North Korea Money Laundering Investigation
- Exposed: Microsoft Windows NTLM Hash Leak Through Malicious Themes
- Remote Aztech DSL5005EN Router Vulnerability: Unauthenticated Admin Password Change
- Microsoft Trust Signing Service Exploited for Malware Code-Signing
- Viral Video on Western Reddit: Autonomous Taxi Challenges Traffic Police
- Citizen Lab Uncovers Paragon Spyware Targeting Journalists and Activists
- Critical Cisco Smart Licensing Vulnerabilities Actively Exploited in Ongoing Cyber Attacks
- Microsoft Exchange Online Bug: Emails Mistakenly Quarantined, Investigation Underway
- Critical Cisco Smart Licensing Utility Vulnerabilities Actively Exploited
- Top 10 Network Penetration Test Findings IT Teams Often Miss
- Exploiting ChatGPT: Bypassing AI Censorship with Court Orders
- Critical Vulnerability in WP Ghost Plugin: Remote Code Execution Risk
- The Critical Role of Continuous Compliance Monitoring for IT Managed Service Providers
- Critical Ransomware Threat Discovered in VS Code Extensions
- Veeam Patches Critical Vulnerability CVE-2025-23120 in Backup & Replication Software
- Critical Updates: Veeam and IBM Patch High-Risk Vulnerabilities in Backup and AIX Systems
- The Growing Threat of Targeted Spyware: What You Need to Know
- Phishing Campaign Exploits Microsoft 365 Infrastructure for Targeted Attacks
- Advanced LLM Jailbreak Technique Facilitates Password-Stealing Malware Development
- Transforming Toys into Weapons: Chinese E-commerce Drone Accessories Raise Global Security Concerns
- Transitioning from Annual Pen Tests to Continuous Penetration Testing (PTaaS)
- Cybersecurity Experts Criticize Veeam Over Critical RCE Vulnerability and Ineffective Blacklist
- GitHub Supply Chain Attack: 218 Repositories Compromised
- Critical Security Alert: Exploits Targeting Cisco Smart Licensing Utility Vulnerabilities
- CISA Alerts: Critical NAKIVO Backup Flaw Actively Exploited in Cyber Attacks
- CISA Issues Critical Industrial Control Systems Advisories
- CISA Adds Critical NAKIVO Vulnerability to KEV Catalog Amid Active Exploitation
- Large Language Models: The Pitfall of Completing Buggy Code
- Navigating Cybersecurity Storms: Strategies for CISOs and Teams to Thrive Under Pressure
- IBM AIX: Critical Vulnerabilities Uncovered and Patched
- Critical PHP Flaw Exploited: Quasar RAT and XMRig Miners Deployed
- Critical SCADA Vulnerabilities in mySCADA myPRO Threaten Industrial Control Systems
- ClearFake Malware Campaign: 9,300 Sites Infected Using Fake reCAPTCHA and Turnstile
- CISA Alerts: Critical GitHub Action Vulnerability Actively Exploited
- CISA Updates Catalog with Three New Exploited Vulnerabilities
- State-Sponsored Groups Exploit Unpatched Windows Zero-Day Flaw Since 2017
- UK Government Seeks Insights on Data Brokers to Enhance Data Sharing Laws
- Mastering Cybersecurity Fundamentals in the AI Era
- Critical Supply Chain Attack on GitHub Action: CVE-2025-30066 Explained
- Critical Supply Chain Attack via GitHub Actions: Urgent Update Required
- Critical Windows Zero-Day Vulnerability Exploited by 11 State-Backed Hacking Groups Since 2017
- Unveiling the 'Rules File Backdoor' Attack: Malicious Code Injection via AI Code Editors
- Critical AMI BMC Vulnerability: Remote Server Takeover and Bricking Risks
- Massive Ad Fraud Scheme Exploits 331 Apps, Impacting 60M+ Users with Intrusive Ads and Phishing Attacks
- Malicious .lnk Files Exploited by Nation-State Actors for Espionage and Data Theft
- Microsoft Alerts Users to StilachiRAT: A Sophisticated Threat to Credentials and Crypto Wallets
- Microsoft's Eight-Year-Old Shortcut Vulnerability: A Spying Tool for Nation-States
- Fortify Okta Security in Four Strategic Steps
- Google's $32 Billion Acquisition of Wiz: A Major Move in Cloud Security
- 'Dead Simple' Vulnerability in Apache Tomcat Actively Exploited: What You Need to Know
- Critical AMI MegaRAC Bug: Servers at Risk of Hijacking and Bricking
- CISA Issues Seven Critical Industrial Control Systems Advisories
- CISA Rehires and Benches Security Staff on Full Pay: A Twist in Cybersecurity Management
- CISA Updates Catalog with Two New Critical Vulnerabilities
- ChatGPT SSRF Vulnerability: A Growing Threat to U.S. Financial and Government Organizations
- Estimated $20B Loss from Potential March Madness Cyber Threats
- Critical Edimax Camera Vulnerability Exploited for Mirai Botnet Attacks Since Last Year
- Rapid Exploitation of New Apache Tomcat Flaw Following PoC Release
- Critical Supply Chain Attack on GitHub Action Puts CI/CD Secrets at Risk
- Novel Cloud-Native Ransomware Attacks: SANS Institute Issues Warning
- Critical GitHub Action Compromise Exposes CI/CD Secrets in 23,000+ Repositories
- Cybercriminals Leveraging CSS to Bypass Spam Filters and Monitor User Behavior
- Threat Actors Exploit CSS for Evasive Phishing and User Tracking
- Critical Apache Tomcat Vulnerability Exploited Within 30 Hours of Disclosure
- Amazon Shifts Alexa Processing to the Cloud, Phasing Out Local Echo Capabilities
- Cybersecurity Weekly Roundup: March 10 - March 16
- Certificate-Related Outages: A Persistent Challenge for Organizations
- Vacation Cybersecurity: 1 in 10 People Take No Precautions
- Critical Cybersecurity Updates: Router Hacks, PyPI Attacks, and New Ransomware Decryptors
- Malicious PyPI Packages Targeting Cloud Tokens: Over 14,100 Downloads Before Detection
- Critical Cisco IOS XR Flaw Allows Attackers to Crash BGP Process on Routers
- Pavel Durov, Telegram Founder, Departs France for Dubai Amid Legal Developments
- Boost Your Cybersecurity Career with a Security Recruitment Firm
- CISA Adds Apple and Juniper Junos OS Flaws to Known Exploited Vulnerabilities Catalog
- Emerging Ransomware Group Linked to Lockbit Targets Fortinet Firewalls
- Live Ransomware Demo: Unveiling the Intricacies of Cyber Extortion
- GSMA Introduces End-to-End Encryption for RCS: Enhancing Cross-Platform Messaging Security
- Critical Cisco IOS XR Vulnerability: Attackers Can Crash BGP on Routers
- Winners Announced for Adaptive Prompt Injection Challenge (LLMail-Inject)
- Unlocking Adobe Features for Free: A Comprehensive Guide
- Unmasking the Booking.com Phishing Scam: Protect Your Hospitality Business
- Unveiling KoSpy: North Korea's ScarCruft Targets Android Users with Fake Utility Apps
- SuperBlack Ransomware: Exploiting Fortinet Vulnerabilities
- Microsoft Reinstates Popular VSCode Extensions After False Alarm
- Meta Cautions Against FreeType Vulnerability (CVE-2025-27363) with Active Exploitation Risk
- Simplifying Jailbreaking: The Context Compliance Attack Method
- Google Rolls Out Fix for Chromecast Devices Impacted by Expired Security Certificate
- Critical ruby-saml Vulnerabilities Unveiled: Potential Account Takeover Risks
- CISA Updates Catalog with Two Newly Exploited Vulnerabilities
- CISA Adds Six Critical Microsoft Windows Vulnerabilities to Exploited Flaws Catalog
- Microsoft Releases Urgent Security Patches for 57 Vulnerabilities, Including Six Zero-Days
- Critical iPhone Update: Apple Patches Vulnerability Exploited in Sophisticated Attacks
- FBI Alert: China's Volt Typhoon Infiltrates US Networks
- Coordinated Cyber Attack: Over 400 IPs Exploiting SSRF Vulnerabilities
- Critical FreeType 2 Vulnerability Exploited in Attacks: Facebook Warns of Arbitrary Code Execution Risks
- Critical and Zero-Day Flaws: Microsoft's Patch Tuesday Addresses Over 50 Vulnerabilities
- Apple Patches Critical WebKit Zero-Day Vulnerability Amid Targeted Attacks
- Unmasking Real Threats: Why Your Risk Scores Might Be Deceptive
- Microsoft March 2025 Patch Tuesday: Addressing 7 Zero-Days and 57 Vulnerabilities
- Mass Exploitation of Critical PHP RCE Vulnerability on Windows Systems
- Critical Ivanti EPM Vulnerabilities Actively Exploited: CISA Issues Urgent Warning
- Critical Updates: CISA Issues Two New Industrial Control Systems Advisories
- CISA Updates Catalog with Six New Exploited Vulnerabilities
- CISA Adds Critical Vulnerabilities in Advantive VeraCore and Ivanti EPM to KEV List
- Critical WebKit Zero-Day Vulnerability Patched by Apple
- PHP-CGI RCE Flaw Exploited in Attacks on Japan's Tech, Telecom, and E-Commerce Sectors
- AdTech CEO Jailed for Financial Fraud After Building Fraud-Detection Products
- Adobe warns Windows 10 users to Remove Flash Player
- A special link in Windows 10 causes a blue screen of death
- How to disable all Android smart phone sensors?
- How to determine a Windows product key using a VBS file?
- Vulnerability in the WordPress add-on Contact Form 7, which has 5 million installations
- VULNERABILITIES IN SAMSUNG SMARTPHONES ALLOW FOR FULL CONTROL OF THE DEVICE
- Structured Threat Intelligence Graph – new tool to protect the grid from cyber attacks
- Spammers use Google services
- Remote Desktop Services - Vulnerability
- Popular Convert Plus Plugin Vulnerability Exploit
- OWASP mobile top 10 security risks explained with real world examples
- Over 50,000 Windows MS-SQL and PHPMyAdmin Servers Worldwide with 20 Different Payloads
- MORE THAN HALF OF MAIL SERVERS ARE SUBJECT TO CRITICAL VULNERABILITIES
- Missing Sum at Bottom Right Corner in excell (FIX)
- Millions servers affected by Exim software
- For 0-day vulnerabilities in Windows, temporary patches
- Microcodes released to fix MDS problems in Windows 10
- Google fixed a 0-day vulnerability in Chrome
- Echobot malware is a smorgasbord of vulnerabilities
- Critical RCE bug found in VLC Media Player
- A Critical Vulnerability has been discovered in the free nginx web server
- WP Live Chat Support - Vulnerability
- WordPress plugin can let hackers wipe up to 200,000 sites
- Windows search not working (FIX)
- Windows 10 Update, can broke file system and the PC will stop booting